I have a suggestion. The Access Token gets expired daily after 24 hours and each time we have to delete them manually. I generate 5 tokens daily and have to delete them manually. Can the same not removed automatically after expiration i.e. after 24 hours of generation of keys. Please look into the same and arrange to remove the keys automatically after expiry.
Hey @M_K_Shukla ,
Thanks for sharing your suggestion! Weâve noted your feedback regarding automatic removal of expired access tokens and will pass it on to the concerned team.
1 Like
Hi. Other platforms like 5Paisa and DefineEdge have incorporated API Key, Secret and TOTP directly in their python library itself. This makes automation of sign-in very smooth and automatic. In case of Dhan, you have to generate Access Tokens everyday now as the new rule have given only 24 hour limit. Further in Dhan, you have not automated the TOTP session in your python library. Its manual and makes coding very cumbersome to login everyday. Can you please please automate the TOTP in python library itself and make it very urgent please. Tired of daily token generation.
1 Like
Hey @Randolf_Tillow ,
We have provided the manual steps for API key based login. The automation can be implemented at your end however, it is not yet integrated into the Python library. We may try to include the same in future updates.
1 Like
Yes same here but they dont listen. They are adamant on manual process.
Can you please explain how to do the automation at our end? I am very novice when it comes to python - please explain step by step process. Please donât refer me to documentation. If you can show with example then it will help a lot
Please implement the changes fast or else we will have to migrate to other platforms which have solved this problem even before the upgrade.
@Randolf_Tillow Can you share which other platform doesnât have the same issue? Is it Fyers? I think they provide free data APIs too for Algo.
Hey @Randolf_Tillow,
You may automate the access token generation process from your end using the manual steps shared here:
Automation is possible but needs to be implemented from your side. You may also use web drivers like Selenium to handle the process automatically.
5Paisa and DefineEdge have directly incorporated API and TOTP in their python library itself. Super convenient to automate.
Thanks Trishul, but honestly the documentation sucks big time for a novice python implementer. No clear example or steps really laid out.
@Trishul_Devadiga / @Shrutika_Poojari
I have deployed my algo on cloud. earlier I had to update the token once in 30 days. Now that you have updated the expiry time to 24 hr, I had to update the token everyday. Ah, Do you see any alternative solution?
Hey @Rajashekhar_Rangappa ,
Due to regulatory requirements, the access token validity is now limited to 24 hours. You can, however, generate the access token directly from your portal without logging in to web.dhan.co.
To do this, set up API key-based login using TOTP hereâs the manual guide: Authentication - DhanHQ Ver 2.0 / API Document
We have provided the manual guide , you may automate this process at your end.
@Shrutika_Poojari Thanks for the quick response.
FYI⌠Iâm using TradeHull SDK and the algo is hosted on aws. I donât think itâs possible. ya?
Hey @Rajashekhar_Rangappa ,
Even if you are using the tradehull library , the process for the api key based login is same for every user , so yes it is possible.
getting
{"errorType":"Order_Error","errorCode":"DH-906","errorMessage":"Invalid Token"} though token is within 24H.
@Shrutika_Poojari
Hey @Rajashekhar_Rangappa ,
Request you to use GET function and use this URL to refresh the access token.
curl --location âhttps://api.dhan.co/v2/RenewTokenâ
âheader âaccess-token: {JWT Token}â
âheader âdhanClientId: {Client ID}â
Once done try placing the api call again and let us know if its working for you or not.
@Shrutika_Poojari Yes, its working only once via curl like above.
However, it fails if i try to refresh again. Is there a limit behind the token refresh? 
Hey @Rajashekhar_Rangappa ,
It works only the first time because the refresh API needs an access token thatâs still active. When you hit the refresh endpoint, it immediately generates a new access token and the old one becomes inactive, even though the Dhan web dashboard might still show it as active. So if you try to refresh again using the old token, it wonât go through. Just use the newly generated access token for any further refresh calls and youâll be all set.
@Trishul_Devadiga @Dhan As I am testing out the APIs, I want to share a suggestion. Seems currently Dhan just has 2 states for the token, i.e Active and Inactive. Can Dhan include another state, i.e. Expired? If a token is Expired, normal apis cannot be called but this Expired token can be renewed using the RenewToken api. At the moment, the RenewToken api is a blocker because it doesnât work on the tokens with the state âInactiveâ. Also please change the errorMessage from âInvalid Tokenâ to âExpired Tokenâ. In terms of security, please link the token and client id together so that if another client tries to access the api using a token not generated from his/her account then itâs actually invalid.